Phase 2: Scanning

  • Network Scanning:

    • Host Scanning --> ping scans vs. no-ping scans

    • Idle Scanning

    • Port Scanning

    • Probing Services

    • OS Fingerprinting

    • Firewall Evasion

    • DNS Enumeration

  • Tools:

    • NMAP
    • WIRESHARK (Analysis)
    • FPING
    • PING SWEEP

  • Crafting packets for scanning purposes (port probing and host detection / idle scanning):

    • HPING

  • Firewall Evasion:

    • Fragmentation

    • Decoy

    • Timing

    • Source Ports

  • DNS Enumeration:

    • NSLOOKUP

    • DIG

    • DNSENUM

    • DNSMAP

    • IP lookups to determine whether there are subdomains

  • Further DNS Probing:

    • Reverse lookup

    • Zone Transfer

    • Maltego

    • DNS Dumpster
